

willow93
Membres-
Compteur de contenus
25 -
Inscription
-
Dernière visite
willow93's Achievements

Member (4/12)
0
Réputation sur la communauté
-
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Encore .... MERCI !! -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
L'ordi parait sain ... Mes parents te remercient et demandent comment éviter de re-choper ces virus ? Sachant qu'ils ne téléchargent pas ! -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
############################## | UsbFix 7.048 | [suppression] Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ] Mis à jour le 11/06/2011 par TeamXscript Lancé à 11:57:40 | 18/06/2011 Site Web: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Processor model unknown Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Pare-feu Windows: Activé Antivirus: avast! Antivirus 5.0.100664421 [Enabled | Updated] RAM -> 2943 Mo C:\ (%systemdrive%) -> Disque fixe # 298 Go (239 Go libre(s) - 80%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT F:\ -> CD-ROM Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS ################## | Éléments infectieux | Supprimé! C:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004 Supprimé! Z:\Recycler\S-1-5-21-606747145-1004336348-682003330-1004 ################## | Registre | ################## | Mountpoints2 | Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9} Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f} Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9} ################## | Listing | [12/09/2009 - 12:01:45 | D ] C:\5cd38f7d474ff71e7d02efa03b [12/09/2009 - 11:30:41 | N | 0] C:\AUTOEXEC.BAT [17/06/2011 - 18:10:39 | N | 216] C:\boot.ini [14/04/2008 - 14:00:00 | N | 4952] C:\Bootfont.bin [17/06/2011 - 23:21:17 | D ] C:\Config.Msi [12/09/2009 - 11:30:41 | N | 0] C:\CONFIG.SYS [07/11/2009 - 16:39:06 | N | 81] C:\CTX.DAT [12/09/2009 - 11:35:26 | D ] C:\Documents and Settings [12/09/2009 - 11:30:41 | N | 0] C:\IO.SYS [12/09/2009 - 11:30:41 | N | 0] C:\MSDOS.SYS [17/06/2011 - 23:19:15 | RHD ] C:\MSOCache [14/04/2008 - 14:00:00 | N | 47564] C:\NTDETECT.COM [14/04/2008 - 14:00:00 | N | 252240] C:\ntldr [17/06/2011 - 20:58:53 | ASH | 2145386496] C:\pagefile.sys [17/06/2011 - 18:21:32 | N | 512] C:\PhysicalDisk0_MBR.bin [17/06/2011 - 23:56:30 | D ] C:\Program Files [18/06/2011 - 11:59:14 | SHD ] C:\RECYCLER [16/06/2011 - 18:30:32 | SHD ] C:\System Volume Information [17/06/2011 - 18:52:08 | N | 41594] C:\TDSSKiller.2.5.5.0_17.06.2011_18.50.24_log.txt [18/06/2011 - 11:59:14 | D ] C:\UsbFix [18/06/2011 - 11:59:14 | A | 1081] C:\UsbFix.txt [24/12/2009 - 18:42:02 | D ] C:\UT2004 [17/06/2011 - 23:54:57 | D ] C:\WINDOWS [17/06/2011 - 09:53:38 | D ] C:\wins.Bin [17/06/2011 - 20:51:49 | N | 5230] C:\ZHPExportRegistry-17-06-2011-20-51-49.txt [17/06/2011 - 17:15:01 | D ] C:\_OTM [25/05/2011 - 19:25:48 | D ] E:\callanques 2011 [26/12/2009 - 16:20:28 | D ] E:\Chiots de Ork [26/12/2009 - 16:23:02 | D ] E:\cannes 2007 [26/12/2009 - 16:24:16 | D ] E:\chiots 2007 [01/11/2010 - 23:47:54 | D ] E:\chalet coralie [03/09/2010 - 22:16:22 | N | 2776244] E:\appart juju.zip [30/08/2010 - 16:30:18 | D ] E:\avri l2010 anniv ginette [10/01/2011 - 18:02:30 | D ] E:\mariage Mélissa (2) [20/05/2011 - 14:43:38 | D ] E:\alleyras mai 2011 [26/05/2011 - 22:08:17 | D ] Z:\Annie [18/06/2011 - 11:59:14 | SHD ] Z:\RECYCLER [24/05/2011 - 10:47:49 | SHD ] Z:\System Volume Information ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) Z:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript) ################## | Upload | Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_ORDI-BUREAU.zip http://www.teamxscript.org/Upload.php Merci de votre contribution. ################## | E.O.F | -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
############################## | UsbFix 7.048 | [Recherche] Utilisateur: Proprietaire (Administrateur) # ORDI-BUREAU [ ] Mis à jour le 11/06/2011 par TeamXscript Lancé à 23:23:13 | 17/06/2011 Site Web: http://www.teamxscript.org Submit your sample: http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Processor model unknown Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Pare-feu Windows: Activé Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated] RAM -> 2943 Mo C:\ (%systemdrive%) -> Disque fixe # 298 Go (255 Go libre(s) - 85%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 956 Mo (269 Mo libre(s) - 28%) [uDISK] # FAT F:\ -> CD-ROM Z:\ -> Disque fixe # 932 Go (921 Go libre(s) - 99%) [Naudins disk externe] # NTFS ################## | Éléments infectieux | ################## | Registre | ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{72e53365-c981-11de-aec0-0026187689d9} Shell\AutoRun\Command = G:\InstallTomTomHOME.exe HKCU\.\.\.\.\Explorer\MountPoints2\{82cf69c4-9f8c-11de-948a-806d6172696f} Shell\AutoRun\Command = D:\Bin\ASSETUP.exe HKCU\.\.\.\.\Explorer\MountPoints2\{c1a542fa-6776-11e0-af88-0026187689d9} Shell\AutoRun\Command = E:\iStudio.exe ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F | -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
On a l'air bon : Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Version de la base de données: 6880 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 17/06/2011 21:48:24 mbam-log-2011-06-17 (21-48-24).txt Type d'examen: Examen complet (C:\|E:\|Z:\|) Elément(s) analysé(s): 202730 Temps écoulé: 27 minute(s), 24 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Plus de messages d'avast (pour l'instant) -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Bon appétit RogueKiller V5.2.3 [16/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Proprietaire [Droits d'admin] Mode: Suppression -- Date : 17/06/2011 19:26:28 Processus malicieux: 0 Entrees de registre: 3 [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) Fichier HOSTS: Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt Rapport de ZHPFix 1.12.3316 par Nicolas Coolman, Update du 16/06/2011 Fichier d'export Registre : Run by Proprietaire at 17/06/2011 20:51:49 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== ERREUR CLSID MPSK: {82cf69c4-9f8c-11de-948a-806d6172696f} ERREUR Key: Service Legacy: LEGACY_AMSERVICE ABSENT Key: Service Legacy: LEGACY_SSHNAS SUPPRIME Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler SUPPRIME Key: HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF} SUPPRIME Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF ========== Valeur(s) du Registre ========== ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe ========== Préférences navigateur ========== SUPPRIME Mozilla Pref: user_pref("extensions.asktb.cbid", "H2"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.fresh-install", false); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.l", "dis"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.last-config-req", "1261617542164"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.locale", "fr_FR"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.o", "15455"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.qsrc", "2871"); SUPPRIME Mozilla Pref: user_pref("extensions.asktb.r", "2"); ========== Dossier(s) ========== SUPPRIME Temporaires Windows: : 72 SUPPRIME Flash Cookies: 2 ========== Fichier(s) ========== SUPPRIME Temporaires Windows: : 51 SUPPRIME Flash Cookies: 1 ========== Récapitulatif ========== 6 : Clé(s) du Registre 1 : Valeur(s) du Registre 2 : Dossier(s) 2 : Fichier(s) 10 : Préférences navigateur ========== Chemin du fichier rapport ========== C:\Program Files\ZHPDiag\ZHPFixReport.txt End of the scan -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
RogueKiller V5.2.3 [16/06/2011] par Tigzy contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT) mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/24) Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Proprietaire [Droits d'admin] Mode: Recherche -- Date : 17/06/2011 19:25:55 Processus malicieux: 0 Entrees de registre: 3 [bLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND Fichier HOSTS: Termine : << RKreport[1].txt >> RKreport[1].txt -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
2011/06/17 18:50:24.0671 2308 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15 2011/06/17 18:50:24.0859 2308 ================================================================================ 2011/06/17 18:50:24.0859 2308 SystemInfo: 2011/06/17 18:50:24.0859 2308 2011/06/17 18:50:24.0859 2308 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/17 18:50:24.0859 2308 Product type: Workstation 2011/06/17 18:50:24.0859 2308 ComputerName: ORDI-BUREAU 2011/06/17 18:50:24.0859 2308 UserName: Proprietaire 2011/06/17 18:50:24.0859 2308 Windows directory: C:\WINDOWS 2011/06/17 18:50:24.0859 2308 System windows directory: C:\WINDOWS 2011/06/17 18:50:24.0859 2308 Processor architecture: Intel x86 2011/06/17 18:50:24.0859 2308 Number of processors: 1 2011/06/17 18:50:24.0859 2308 Page size: 0x1000 2011/06/17 18:50:24.0859 2308 Boot type: Normal boot 2011/06/17 18:50:24.0875 2308 ================================================================================ 2011/06/17 18:50:25.0453 2308 Initialize success 2011/06/17 18:50:50.0453 2164 ================================================================================ 2011/06/17 18:50:50.0453 2164 Scan started 2011/06/17 18:50:50.0453 2164 Mode: Manual; 2011/06/17 18:50:50.0453 2164 ================================================================================ 2011/06/17 18:50:52.0015 2164 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys 2011/06/17 18:50:52.0171 2164 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/17 18:50:52.0250 2164 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/06/17 18:50:52.0359 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/17 18:50:52.0421 2164 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/06/17 18:50:52.0546 2164 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 2011/06/17 18:50:52.0687 2164 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2011/06/17 18:50:52.0734 2164 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys 2011/06/17 18:50:52.0781 2164 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys 2011/06/17 18:50:52.0843 2164 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys 2011/06/17 18:50:52.0875 2164 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys 2011/06/17 18:50:52.0921 2164 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys 2011/06/17 18:50:53.0000 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/17 18:50:53.0078 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/17 18:50:53.0140 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/17 18:50:53.0234 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/17 18:50:53.0312 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/17 18:50:53.0375 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/17 18:50:53.0406 2164 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/06/17 18:50:53.0468 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/17 18:50:53.0531 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/17 18:50:53.0609 2164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/17 18:50:53.0781 2164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/17 18:50:53.0859 2164 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/17 18:50:53.0890 2164 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/17 18:50:53.0906 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/17 18:50:53.0968 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/17 18:50:54.0078 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/17 18:50:54.0140 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/17 18:50:54.0187 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/17 18:50:54.0234 2164 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/17 18:50:54.0265 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/17 18:50:54.0343 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/17 18:50:54.0390 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/17 18:50:54.0453 2164 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/17 18:50:54.0515 2164 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys 2011/06/17 18:50:54.0562 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/17 18:50:54.0640 2164 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/17 18:50:54.0718 2164 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/17 18:50:54.0796 2164 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/06/17 18:50:54.0812 2164 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/06/17 18:50:54.0828 2164 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/06/17 18:50:54.0890 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/17 18:50:54.0937 2164 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/17 18:50:54.0984 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/17 18:50:55.0187 2164 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/17 18:50:55.0265 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/17 18:50:55.0328 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/17 18:50:55.0343 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/17 18:50:55.0453 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/17 18:50:55.0546 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/17 18:50:55.0609 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/17 18:50:55.0656 2164 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/17 18:50:55.0687 2164 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/17 18:50:55.0718 2164 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/17 18:50:55.0781 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/17 18:50:55.0843 2164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/17 18:50:55.0906 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/17 18:50:55.0937 2164 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/17 18:50:55.0953 2164 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/17 18:50:56.0000 2164 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/17 18:50:56.0015 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/17 18:50:56.0046 2164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/17 18:50:56.0140 2164 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/17 18:50:56.0171 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/17 18:50:56.0234 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/17 18:50:56.0281 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/17 18:50:56.0296 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/17 18:50:56.0390 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/17 18:50:56.0437 2164 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/06/17 18:50:56.0500 2164 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/06/17 18:50:56.0578 2164 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/17 18:50:56.0625 2164 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/06/17 18:50:56.0687 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/17 18:50:56.0750 2164 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/06/17 18:50:56.0781 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/17 18:50:56.0859 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/17 18:50:56.0875 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/17 18:50:56.0921 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/17 18:50:56.0953 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/17 18:50:57.0000 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/17 18:50:57.0046 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/17 18:50:57.0140 2164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/17 18:50:57.0171 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/17 18:50:57.0531 2164 nv (b095950698abe343f67098d76810f09e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/17 18:50:57.0609 2164 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/06/17 18:50:57.0687 2164 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys 2011/06/17 18:50:57.0703 2164 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/06/17 18:50:57.0781 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/17 18:50:57.0812 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/17 18:50:57.0859 2164 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/17 18:50:57.0890 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/17 18:50:57.0906 2164 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/17 18:50:57.0984 2164 PCAMPR5 (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS 2011/06/17 18:50:58.0015 2164 PCANDIS5 (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS 2011/06/17 18:50:58.0062 2164 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/17 18:50:58.0093 2164 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/17 18:50:58.0109 2164 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/17 18:50:58.0296 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/17 18:50:58.0390 2164 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys 2011/06/17 18:50:58.0453 2164 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/06/17 18:50:58.0484 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/17 18:50:58.0500 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/17 18:50:58.0562 2164 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/17 18:50:58.0687 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/17 18:50:58.0703 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/17 18:50:58.0734 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/17 18:50:58.0750 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/17 18:50:58.0781 2164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/17 18:50:58.0812 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/17 18:50:58.0890 2164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/17 18:50:58.0937 2164 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/17 18:50:59.0031 2164 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys 2011/06/17 18:50:59.0093 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/17 18:50:59.0171 2164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/17 18:50:59.0187 2164 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/17 18:50:59.0218 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/17 18:50:59.0312 2164 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/06/17 18:50:59.0359 2164 SoC PC-Camera Service (93f11cceab41a47a0a6317b640b3b807) C:\WINDOWS\system32\DRIVERS\pfc027.sys 2011/06/17 18:50:59.0390 2164 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/06/17 18:50:59.0484 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/17 18:50:59.0609 2164 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 2011/06/17 18:50:59.0609 2164 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/06/17 18:50:59.0625 2164 sptd - detected LockedFile.Multi.Generic (1) 2011/06/17 18:50:59.0656 2164 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/17 18:50:59.0703 2164 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/17 18:50:59.0750 2164 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/06/17 18:50:59.0796 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/17 18:50:59.0875 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/17 18:51:00.0000 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/17 18:51:00.0046 2164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/17 18:51:00.0109 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/17 18:51:00.0125 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/17 18:51:00.0171 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/17 18:51:00.0250 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/17 18:51:00.0328 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/17 18:51:00.0390 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/17 18:51:00.0421 2164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/17 18:51:00.0484 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/17 18:51:00.0546 2164 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/06/17 18:51:00.0593 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/17 18:51:00.0625 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/17 18:51:00.0656 2164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/17 18:51:00.0703 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/17 18:51:00.0781 2164 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/17 18:51:00.0828 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/17 18:51:00.0906 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/17 18:51:01.0015 2164 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/06/17 18:51:01.0078 2164 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/06/17 18:51:01.0093 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/17 18:51:01.0125 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0 2011/06/17 18:51:01.0171 2164 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/17 18:51:01.0171 2164 MBR (0x1B8) (26650c08ac5546b66c62409f7a54ada4) \Device\Harddisk1\DR2 2011/06/17 18:51:01.0234 2164 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3 2011/06/17 18:51:01.0296 2164 ================================================================================ 2011/06/17 18:51:01.0296 2164 Scan finished 2011/06/17 18:51:01.0296 2164 ================================================================================ 2011/06/17 18:51:01.0312 2152 Detected object count: 2 2011/06/17 18:51:01.0312 2152 Actual detected object count: 2 2011/06/17 18:51:21.0156 2152 LockedFile.Multi.Generic(sptd) - User select action: Skip 2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/17 18:51:21.0187 2152 \Device\Harddisk0\DR0 - ok 2011/06/17 18:51:21.0187 2152 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/17 18:52:08.0453 3800 Deinitialize success édit : c'est peut être lié mais maintenant l'upload remarche : http://www.cijoint.fr/cjlink.php?file=cj201106/cijaU4bXXw.txt -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Trés bizzard je ne peut pas Uploader le fichier... sur aucun des liens que tu m'a filé... "La connexion a été réinitialisée La connexion avec le serveur a été réinitialisée pendant le chargement de la page." edit : j'ai vu ton message, non tu est meme plutot très rapide ! Ok je dis plus rien -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
au fait le processus Svchost.exe orend une ressource énorme qui augmente avec le temps (167 204 Ko) peut etre faudrait il creuser de ce coté la ? -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Pour info c'est le PC de mes parents qui sont un peu Noobs... Rapport Scan : ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 17:51:56 le 17/06/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Proprietaire@ORDI-BUREAU ( ) ============== RECHERCHE ============== Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Fichier trouvé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml Dossier trouvé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js -- Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne trouvée: user_pref("browser.search.order.1", "Ask.com"); Ligne trouvée: user_pref("extensions.asktb.cbid", "H2"); Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&... Ligne trouvée: user_pref("extensions.asktb.fresh-install", false); Ligne trouvée: user_pref("extensions.asktb.l", "dis"); Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1261617542164"); Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne trouvée: user_pref("extensions.asktb.o", "15455"); Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871"); Ligne trouvée: user_pref("extensions.asktb.r", "2"); -- Fichier Fermé -- Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé trouvée: HKCU\Software\Ask.com Clé trouvée: HKCU\Software\AskToolbar Clé trouvée: HKCU\Software\AppDataLow\AskBarDis Clé trouvée: HKCU\Software\AppDataLow\AskHomePage Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google) Components\AskHPRFF.js Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default -- Extensions\toolbar@iadah.com (?) Extensions\z0rya@free.fr (zoryazilla) Searchplugins\askcom.xml (?) Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxps://www.google.fr Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q= ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKCU_Main|Start Page - hxxps://www.facebook.com HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://www.pucuy.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=BT4&o=15455&src=crm&q={searchTerm...) HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (x) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (3963 Octet(s)) Fin à: 17:56:41, 17/06/2011 ============== E.O.F ============== Rapport Clean: ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:59:17 le 17/06/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) Proprietaire@ORDI-BUREAU ( ) ============== ACTION(S) ============== Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Fichier supprimé: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\searchplugins\askcom.xml Dossier supprimé: C:\Documents and Settings\Proprietaire\Local Settings\Application Data\AskToolbar (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default\Prefs.js -- Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne supprimée: user_pref("browser.search.order.1", "Ask.com"); Ligne supprimée: user_pref("extensions.asktb.cbid", "H2"); Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&... Ligne supprimée: user_pref("extensions.asktb.fresh-install", false); Ligne supprimée: user_pref("extensions.asktb.l", "dis"); Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1261617542164"); Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne supprimée: user_pref("extensions.asktb.o", "15455"); Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871"); Ligne supprimée: user_pref("extensions.asktb.r", "2"); -- Fichier Fermé -- Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé supprimée: HKCU\Software\Ask.com Clé supprimée: HKCU\Software\AskToolbar Clé supprimée: HKCU\Software\AppDataLow\AskBarDis Clé supprimée: HKCU\Software\AppDataLow\AskHomePage Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [4.0.1 (fr)] **** HKLM_MozillaPlugins\Adobe Reader (x) Searchplugins\bing.xml ( hxxp://www.bing.com/search) Searchplugins\pucuy.xml (hxxp://www.pucuy.com/google) Components\browsercomps.dll (Mozilla Foundation) -- C:\Documents and Settings\Proprietaire\Application Data\Mozilla\FireFox\Profiles\19t66wo9.default -- Extensions\toolbar@iadah.com (?) Extensions\z0rya@free.fr (zoryazilla) Searchplugins\iadah.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameiadah</ShortName<Descriptioniadah</Description<...) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Proprietaire\\Mes documents\\Annie Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxps://www.google.fr Prefs.js - browser.startup.homepage_override.buildID, 20110413222027 Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1 Prefs.js - keyword.URL, hxxp://www.iadah.com/web-B-8?search&q= ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} - "Search" (hxxp://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-35468619388...) HKCU_SearchScopes\{e3dccd12-aa1a-48c5-a38b-518a9c35992f} - "iadah" (hxxp://www.iadah.com/web-B-8?search&q={searchTerms}) HKLM_Toolbar|{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} (C:\Program Files\DevNet\Toolbar\DevNet.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft) HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (DevNet) HKLM_ElevationPolicy\{569591D2-F221-4115-9A89-762956BEB3C0} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{2E59C859-1AF3-0080-5D44-BD22E7CE3009} - "?" (c:\windows\system32\uxatbtdb.dll) (x) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 5 Fichier(s) C:\Program Files\Ad-Remover\Backup: 15 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 17/06/2011 17:59:29 (4090 Octet(s)) C:\Ad-Report-SCAN[1].txt - 17/06/2011 17:55:10 (7770 Octet(s)) Fin à: 18:01:26, 17/06/2011 ============== E.O.F ============== Toujours un message d'avast... -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
pour précision Avast detecte toujours une menace sur svchost j'ai refait un Hijack, voici le log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:04, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe C:\Documents and Settings\Proprietaire\Mes documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9249 bytes -
[Résolu] PC Infecté
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Merci de ta réponse rapide Voici le rapport : All processes killed Error: Unable to interpret <Go> in the current context! ========== FILES ========== c:\program files\Ask.com folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 115616 bytes ->Temporary Internet Files folder emptied: 29297652 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 11598 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 478434636 bytes ->Java cache emptied: 44187 bytes ->Flash cache emptied: 19961 bytes User: Proprietaire ->Temp folder emptied: 496265748 bytes ->Temporary Internet Files folder emptied: 21804769 bytes ->Java cache emptied: 1169078 bytes ->FireFox cache emptied: 97774167 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 116950 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 104825353 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 133825453 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 590947073 bytes Total Files Cleaned = 1 870,00 mb OTM by OldTimer - Version 3.1.18.0 log created on 06172011_171501 Files moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W2VCUD84\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\activityi;src=2507573;type=ads-a681;cat=ads-a455;ord=6557592470850[1].htm moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QH5LDSLE\google_fr[1].txt not found! C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q8PLHB23\language_tools[1].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[3].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OXWWETX6\search[4].txt moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CYXIJ5OT\search[3].txt moved successfully. File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9V28QC3Q\js_minified[2].js not found! File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6G925CP5\TOS[1].txt not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 2 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! File C:\Documents and Settings\Proprietaire\Local Settings\Temp\Répertoire temporaire 1 pour Pinnacle Studio 9.4.3 Multilanguage Claves De Activacion Hollywood Fx 5.1 Plus Extra Packs Maunal Y Efectos.par.eMule-Paradise.com.zip\MANUAL Completo - Pinnacle Studio 9 en Español [uge not found! C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\S2LN7M67\list-item-plus[1].png moved successfully. C:\Documents and Settings\Proprietaire\Local Settings\Temporary Internet Files\Content.IE5\6NZ2I8O1\background_button_green_full[1].png moved successfully. File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... -
Bonjour, J'ai tenté d'éliminer plusieurs virus/malwares sans succès (acev Avast et antivir + malwarebytes) Voici le rapport Hijack This Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:28, on 17/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\svchost.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Proprietaire\Mes documents\Téléchargements\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = pucuy.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {2E59C859-1AF3-0080-5D44-BD22E7CE3009} - c:\windows\system32\uxatbtdb.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Iadah Toolbar - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - C:\Program Files\DevNet\Toolbar\DevNet.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [5X5WWG2X4H9D6B4XAQHOHZEHTGIJ] C:\wins.Bin\353F139947E.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA2FBF0-EF75-4B29-AA1B-E7D88382756E}: NameServer = 192.168.1.1 O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9721 bytes
-
Crash de l'ordi du à virus ?
willow93 a répondu à un(e) sujet de willow93 dans Analyses et éradication malwares
Personne pour m'aider ?